
CVE-2024-5407 – Code Injection vulnerability in RhinOS from SaltOS
https://notcve.org/view.php?id=CVE-2024-5407
27 May 2024 — A vulnerability in RhinOS 3.0-1190 could allow PHP code injection through the "search" parameter in /portal/search.htm. This vulnerability could allow a remote attacker to perform a reverse shell on the remote system, compromising the entire infrastructure. • https://github.com/josepsanzcamp/RhinOS • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2018-18761 – SaltOS Erp Crm 3.1 r8126 - SQL Injection
https://notcve.org/view.php?id=CVE-2018-18761
16 Nov 2018 — SaltOS 3.1 r8126 allows action=login&querystring=&user=[SQL] SQL Injection. • https://www.exploit-db.com/exploits/45731 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2018-18763 – SaltOS Erp Crm 3.1 r8126 - SQL Injection
https://notcve.org/view.php?id=CVE-2018-18763
29 Oct 2018 — SaltOS 3.1 r8126 allows action=ajax&query=numbers&page=usuarios&action2=[SQL] SQL Injection. SaltOS Erp Crm version 3.1 r8126 suffers from multiple remote SQL injection vulnerabilities. • https://packetstorm.news/files/id/150004 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2018-18762 – SaltOS Erp Crm 3.1 r8126 - Database File Download
https://notcve.org/view.php?id=CVE-2018-18762
29 Oct 2018 — SaltOS 3.1 r8126 contains a database download vulnerability. Erp Crm version 3.1 r8126 suffers from a database download vulnerability. • https://packetstorm.news/files/id/150005 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2018-18760 – RhinOS CMS 3.x - Arbitrary File Download
https://notcve.org/view.php?id=CVE-2018-18760
29 Oct 2018 — RhinOS 3.0 build 1190 allows CSRF. RhinOS CMS version 3.x suffers from an arbitrary file download vulnerability. • https://packetstorm.news/files/id/150018 • CWE-352: Cross-Site Request Forgery (CSRF)